1 files changed, 35 insertions, 0 deletions

diff --git a/lib/puppet/parser/functions/generate.rb b/lib/puppet/parser/functions/generate.rb
new file mode 100644
index 000000000..1be9016ed
--- /dev/null
+++ b/lib/puppet/parser/functions/generate.rb
@@ -0,0 +1,35 @@
+# Runs an external command and returns the results
+Puppet::Parser::Functions::newfunction(:generate, :type => :rvalue,
+        :doc => "Calls an external command and returns the results of the
+        command.  Any arguments are passed to the external command as
+        arguments.  If the generator does not exit with return code of 0,
+        the generator is considered to have failed and a parse error is
+        thrown.  Generators can only have file separators, alphanumerics, dashes,
+        and periods in them.  This function will attempt to protect you from
+        malicious generator calls (e.g., those with '..' in them), but it can
+        never be entirely safe.  No subshell is used to execute
+        generators, so all shell metacharacters are passed directly to
+        the generator.") do |args|
+
+            unless args[0] =~ /^#{File::SEPARATOR}/
+                raise Puppet::ParseError, "Generators must be fully qualified"
+            end
+
+            unless args[0] =~ /^[-#{File::SEPARATOR}\w.]+$/
+                raise Puppet::ParseError,
+                    "Generators can only contain alphanumerics, file separators, and dashes"
+            end
+
+            if args[0] =~ /\.\./
+                raise Puppet::ParseError,
+                    "Can not use generators with '..' in them."
+            end
+
+            begin
+                output = Puppet::Util.execute(args)
+            rescue Puppet::ExecutionFailure => detail
+                raise Puppet::ParseError, "Failed to execute generator %s: %s" %
+                    [args[0], detail]
+            end
+            output
+end